The Perfect SMB Network

Welcome to the debut of what we hope will be a long-running series of Solutions Plus articles about setting up the "perfect" small-to-midsized business (SMB) network. We're starting from the beginning—right where you might find yourself at this very moment, if you're setting up a business. We want to walk you through each component that you need to consider for your business's infrastructure. Our goal is to fully outfit you with not only a perfect network foundation but also an elegant one. To that end, as we lay out the essentials of the SMB network, we'll also provide articles that show you how to most effectively put that network to use.

One of the initial challenges of successfully equipping the SMB network is understanding that the needs of the SMB are vastly different from those of the enterprise. In general, what works for the enterprise won't work for the SMB. The business organization, technical sophistication, and management requirements of an SMB are quite different. Complicating matters further is the fact that there's really no typical SMB. Small organizations can be entirely different from one another in terms of business requirements as well as technical capabilities. To begin this series, then, let's try to arrive at a general definition of the types of SMB networks, laying out the basic components and characteristics. Future articles in this series will use these topics as jumping-off points toward a deeper understanding of how to build the perfect SMB network.

Server vs. Workgroup
From a high-level view, you'll find two types of SMB networks: workgroup-style networks (which have no central server) and server-based networks (in which multiple servers might be running distinct workloads). For nominal file and print sharing, the workgroup style of network can suffice for the needs of as many as 10 people. If you're beyond that number, I recommend investing in a Windows Server OS and creating a server-based network. Although they're more expensive than workgroup-style networks, server-based networks offer huge scalability and manageability advantages.

The type of network you'll use determines your choice of OS. If you plan to implement a workgroup-style network, you'll definitely want Windows XP on your systems because you'll want to take advantage of that OS's built-in Windows Firewall and Internet Connection Sharing (ICS) capabilities. (As a step up, if your organization has a grasp of networking, you can substitute a standalone router and/or firewall devices in place of the built-in Windows tools.) If you plan to put a server-based network in place, Windows Server 2003 with Service Pack 1 (SP1) and Microsoft Small Business Server (SBS) 2003 provide a familiar management interface, as well as all the network services that your SMB will need. (Using NAS devices for file servers is a good middle-of-the-road option for small workgroup-style networks that simply need more storage and don't necessarily need the management tools in Windows Server or SBS.)

Physical Components
No matter which style of network your SMB uses, you'll need to invest in some essential network hardware. But before you do, ask yourself whether you want to set up a traditional wired 100Base-T network or a wireless network via Wi-Fi. In a wired network, the locations of your network connections are fixed, whereas Wi-Fi provides greater mobility. Wired networks are typically more reliable and provide better performance. They also come with fewer security concerns.

Wired. For a wired network, you'll need a 100Mbps network card in each system, as well as a 100Mbps switch. You can still get older 10Mbps cards and network hubs, but you'll be much better off spending a few dollars more to get the tenfold performance increase and the extra hardware lifespan. Also, switches are the way to go. A hub must share bandwidth between all connections, whereas a switch can service all connections at full speed. However, for the SMB, there's no real need to spend the extra money that managed switches demand. Larger SMBs will want to utilize premise wiring and a patch panel; these considerations aren't necessary if you have just a few systems, but if you have a couple of dozen systems, the additional convenience they provide will pay off.

Wireless. If you want mobile network connectivity, or if you're setting up the network in a location that doesn't have existing wiring, going wireless can be an attractive alternative. For a wireless network, you'll need a Wi-Fi card in each network system and at least one wireless Access Point (AP). Choosing a wireless standard can be tricky because they tend to change pretty quickly. Currently, 802.11g is the most popular standard, offering 54Mbps speeds and a reasonable coverage area. Although 802.11g is compatible with 802.11b (the older 10Mbps Wi-Fi standard), you'll experience a decided performance penalty if you mix the two standards, preventing you from attaining the performance you might expect from 802.11g equipment. To ensure the security of your network, when you select Wi-Fi cards and APs, be sure to choose equipment that supports the latest Wi-Fi Protected Access (WPA) security standards. WPA provides much better security than the older Wired Equivalent Privacy (WEP) standard (which was, to be fair, infinitely better than no security at all). Most newer network equipment supports WPA. Don't buy cheaper equipment that supports only WEP. Remember, however, that having the capability and taking advantage of it are two different things. Today, many Wi-Fi networks are completely unsecured. Whether you use WEP or WPA, be sure to actually use it.
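
To make the difference between having a security capability and using it concrete, here is an added example (not part of the original article) that audits a small Wi-Fi equipment inventory. The inventory rows, column names, and device names are constructed for illustration; "supports" is the strongest security the hardware offers and "configured" is what is actually switched on.

```python
import csv
import io

# Constructed inventory (not from the article): one row per Wi-Fi device.
# Column names are assumptions made for this example.
INVENTORY = """\
name,role,standard,supports,configured
ap-front,ap,802.11g,WPA,WPA
ap-warehouse,ap,802.11g,WPA,none
ap-old,ap,802.11b,WEP,WEP
laptop-01,client,802.11g,WPA,WPA
laptop-02,client,802.11b,WEP,WEP
"""

# Relative ordering of the security modes the article discusses.
STRENGTH = {"none": 0, "WEP": 1, "WPA": 2}


def audit(inventory_csv):
    """Return a sorted list of (device, finding) tuples."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    findings = []
    for r in rows:
        supports, configured = r["supports"], r["configured"]
        if STRENGTH[configured] == 0:
            # Capability is irrelevant if nothing is enabled.
            findings.append((r["name"], "unsecured: no encryption enabled"))
        elif STRENGTH[configured] < STRENGTH[supports]:
            # Hardware can do better than what is switched on.
            findings.append((r["name"], f"supports {supports} but runs {configured}"))
        if STRENGTH[supports] < STRENGTH["WPA"]:
            findings.append((r["name"], "hardware lacks WPA support: replace"))
    # Mixing 802.11b and 802.11g costs performance for the whole network.
    standards = {r["standard"] for r in rows}
    if {"802.11b", "802.11g"} <= standards:
        slow = [r["name"] for r in rows if r["standard"] == "802.11b"]
        findings.append(("network", "mixed 802.11b/g, slowed by: " + ", ".join(slow)))
    return sorted(findings)


if __name__ == "__main__":
    for device, finding in audit(INVENTORY):
        print(f"{device}: {finding}")
```
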

Infrastructure Services
After you put your physical network components in place, your next step is to establish your network-infrastructure components. These are the services—namely, TCP/IP, DHCP, DNS, and AD—that will make your network easier to use and manage.

TCP/IP. The foundation of the network infrastructure is the network protocol. There are a number of network protocols, but your only real choice is TCP/IP. Businesses have standardized on the TCP/IP network protocol for the past decade, and it's installed by default with all versions of Windows. To make TCP/IP more manageable, a set of services—DHCP, DNS, and AD—perform several important network functions.

DHCP. The first network-infrastructure service to consider is DHCP. The DHCP service automatically assigns TCP/IP addresses to systems on the network. Strictly speaking, DHCP isn't a requirement. You can manually assign TCP/IP addresses to each system. However, that method is manageable only if you have a small number of network systems. DHCP provides simple plug-and-go network connectivity by removing the need to manually configure new systems that are attached to the network. For workgroup-style networks, DHCP services are provided by XP's ICS feature. (Most standalone routers also provide this capability.) The DHCP service is included in Windows 2003, and you can use the Manage Your Server wizard to enable it.

DNS. The next essential network infrastructure component is DNS. The DNS service translates host names into TCP/IP addresses. For workgroup-style networks, using DNS to locate internal resources isn't always necessary; XP can find other networked systems without DNS. Also, you can take advantage of ISP-provided DNS services to achieve host-name resolution for Web browsing. However, if you have a server-based network, running your own DNS service is vital, and it's a requirement if you're planning to use AD.

AD. The final essential network-infrastructure component is AD, whose primary benefit is in the management of client systems through Group Policy. You can use AD only in a domain setup, so it isn't applicable to workgroup-style networks. You also don't need AD to set up network file and printer sharing in either Windows 2003 or Windows 2000 Server. The advantages of AD are obvious in larger networks, in which you want to centrally manage network clients.

The Internet Connection
If you want to connect your network to the Internet, you'll need a broadband connection. Two basic types of broadband connections are appropriate for small businesses: DSL and cable. In terms of capabilities and cost, these choices are nearly equivalent. In many cases, your choice might be decided by the availability of the technology. Your ISP will typically provide you with at least one IP address that's either static or dynamically assigned, along with the router or cable modem necessary to connect your network to the Internet. Many routers have integrated switches that you can use to connect to your wired network. Likewise, many wireless APs come with a built-in switch that lets you use one device to both network your wireless devices and connect to the Internet.

After you're connected, you'll want to use Network Address Translation (NAT) to bridge your network's local IP addresses to the routable IP address that your ISP has assigned. NAT is a feature of most broadband routers; alternatively, Windows 2003's or XP's ICS feature can perform NAT functionality.

The firewall is another essential ingredient of the SMB network. Firewalls restrict both the inbound and outbound network traffic in your network. Several types of firewalls are available: standalone hardware-based firewall appliances, routers with built-in firewall capabilities, and software-based firewalls such as Microsoft ISA Server 2004. Firewall functionality is also typically incorporated into the routers that many broadband providers supply. All these options can be suitable for the SMB.

To prevent internal attacks resulting from either viruses or malicious hacks, consider running personal firewalls on all your network clients. XP has its built-in Windows Firewall functionality. If you're running Win2K or Windows 9x, you can use third-party firewalls such as Zone Labs' ZoneAlarm and McAfee's Managed Desktop Firewall.

Email Servers
Email is the one requirement common to all SMBs. You have several choices for providing company email to your SMB. Perhaps the easiest email setup is to use your ISP's email server. In most cases, the ISP that provides Internet connectivity or Web hosting can also provide multiple email accounts, thereby freeing you from the need to manage your own email server. You simply need to set up your network clients so that they utilize the ISP's mail server.

Alternatively, you can choose to run your own email server. If you want to host your email, you could choose a product such as Microsoft Small Business Server (SBS) 2003 with Exchange Server or a competing product such as Ipswitch's Collaboration Suite or Kerio's MailServer. If you have a server-based network and you don't need calendar and scheduling capabilities, Windows 2003 has a basic POP3 mail server.

Here We Go!
With those essentials in mind, we'll now dig a little deeper, with our first Solutions Plus article in this series. In the following pages, contributing author Ed Roth will begin by focusing on the essential hardware components of the perfect SMB network. Stay tuned in the coming months for further articles in this exciting series, including a ground-up approach to backups and a look at fault-tolerant Internet access on the cheap!